Lines Matching refs:verify
22 sub verify {
24 my @args = qw(openssl verify -auth_level 1);
36 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
40 ok(!verify("ee-cert", "sslserver", [qw(root-nonca)], [qw(ca-cert)]),
42 ok(!verify("ee-cert", "sslserver", [qw(nroot+serverAuth)], [qw(ca-cert)]),
44 ok(!verify("ee-cert", "sslserver", [qw(nroot+anyEKU)], [qw(ca-cert)]),
46 ok(!verify("ee-cert", "sslserver", [qw(root-cert2)], [qw(ca-cert)]),
48 ok(!verify("ee-cert", "sslserver", [qw(root-name2)], [qw(ca-cert)]),
53 ok(verify("ee-cert-noncrit-unknown-ext", "", ["root-cert"], ["ca-cert"]),
55 ok(!verify("ee-cert-crit-unknown-ext", "", ["root-cert"], ["ca-cert"]),
57 ok(verify("ee-cert-ocsp-nocheck", "", ["root-cert"], ["ca-cert"]),
62 ok(verify("ee-cert", "sslserver", [qw(sroot-cert)], [qw(ca-cert)]),
64 ok(!verify("ee-cert", "sslserver", [qw(croot-cert)], [qw(ca-cert)]),
66 ok(verify("ee-cert", "sslserver", [qw(root+serverAuth)], [qw(ca-cert)]),
68 ok(verify("ee-cert", "sslserver", [qw(sroot+serverAuth)], [qw(ca-cert)]),
70 ok(verify("ee-cert", "sslserver", [qw(croot+serverAuth)], [qw(ca-cert)]),
73 ok(verify("ee-cert", "sslserver", [qw(root+anyEKU)], [qw(ca-cert)]),
75 ok(verify("ee-cert", "sslserver", [qw(sroot+anyEKU)], [qw(ca-cert)]),
77 ok(verify("ee-cert", "sslserver", [qw(croot+anyEKU)], [qw(ca-cert)]),
80 ok(verify("ee-cert", "sslserver", [qw(root-clientAuth)], [qw(ca-cert)]),
82 ok(verify("ee-cert", "sslserver", [qw(sroot-clientAuth)], [qw(ca-cert)]),
84 ok(!verify("ee-cert", "sslserver", [qw(croot-clientAuth)], [qw(ca-cert)]),
87 ok(!verify("ee-cert", "sslserver", [qw(root+clientAuth)], [qw(ca-cert)]),
89 ok(!verify("ee-cert", "sslserver", [qw(sroot+clientAuth)], [qw(ca-cert)]),
91 ok(!verify("ee-cert", "sslserver", [qw(croot+clientAuth)], [qw(ca-cert)]),
94 ok(!verify("ee-cert", "sslserver", [qw(root-serverAuth)], [qw(ca-cert)]),
96 ok(!verify("ee-cert", "sslserver", [qw(sroot-serverAuth)], [qw(ca-cert)]),
98 ok(!verify("ee-cert", "sslserver", [qw(croot-serverAuth)], [qw(ca-cert)]),
101 ok(!verify("ee-cert", "sslserver", [qw(root-anyEKU)], [qw(ca-cert)]),
103 ok(!verify("ee-cert", "sslserver", [qw(sroot-anyEKU)], [qw(ca-cert)]),
105 ok(!verify("ee-cert", "sslserver", [qw(croot-anyEKU)], [qw(ca-cert)]),
111 ok(verify("ee-cert", "sslserver", [qw(root-serverAuth root-cert2 ca-root2)],
114 ok(verify("ee-cert", "sslserver", [qw(root-cert root2+serverAuth ca-root2)],
117 ok(!verify("ee-cert", "sslserver", [qw(root-cert root2-serverAuth ca-root2)],
120 ok(!verify("ee-cert", "sslserver", [qw(root-cert root2+clientAuth ca-root2)],
125 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-nonca)]),
127 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-nonbc)]),
129 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-nonca)], []),
131 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-nonbc)], []),
133 ok(!verify("ee-cert", "sslserver", [qw(root-cert nca+serverAuth)], []),
135 ok(!verify("ee-cert", "sslserver", [qw(root-cert nca+anyEKU)], []),
137 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-cert2)]),
139 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-name2)]),
141 ok(!verify("ee-cert", "sslserver", [qw(root-cert)], [qw(ca-root2)]),
143 ok(!verify("ee-cert", "sslserver", [], [qw(ca-cert)], "-partial_chain"),
145 ok(verify("ee-cert", "sslserver", [qw(ca-cert)], [], "-partial_chain"),
147 ok(!verify("ee-cert", "sslserver", [qw(ca-expired)], [], "-partial_chain"),
149 ok(!verify("ee-cert", "sslserver", [qw(root-expired)], [qw(ca-cert)]),
151 ok(verify("ee-cert", "sslserver", [qw(sca-cert)], [], "-partial_chain"),
153 ok(!verify("ee-cert", "sslserver", [qw(cca-cert)], [], "-partial_chain"),
155 ok(verify("ee-cert", "sslserver", [qw(ca+serverAuth)], [], "-partial_chain"),
157 ok(verify("ee-cert", "sslserver", [qw(cca+serverAuth)], [], "-partial_chain"),
159 ok(verify("ee-cert", "sslserver", [qw(ca-clientAuth)], [], "-partial_chain"),
161 ok(verify("ee-cert", "sslserver", [qw(ca+anyEKU)], [], "-partial_chain"),
163 ok(!verify("ee-cert", "sslserver", [], [qw(ca+serverAuth)], "-partial_chain"),
165 ok(!verify("ee-cert", "sslserver", [qw(ca-serverAuth)], [], "-partial_chain"),
167 ok(!verify("ee-cert", "sslserver", [qw(ca+clientAuth)], [], "-partial_chain"),
169 ok(!verify("ee-cert", "sslserver", [qw(ca-anyEKU)], [], "-partial_chain"),
175 ok(verify("ee-cert", "sslserver", [qw(root-cert ca+serverAuth)], [qw(ca-cert)]),
177 ok(verify("ee-cert", "sslserver", [qw(root-cert ca+anyEKU)], [qw(ca-cert)]),
179 ok(verify("ee-cert", "sslserver", [qw(root-cert sca-cert)], [qw(ca-cert)]),
181 ok(verify("ee-cert", "sslserver", [qw(root-cert sca+serverAuth)], [qw(ca-cert)]),
183 ok(verify("ee-cert", "sslserver", [qw(root-cert sca+anyEKU)], [qw(ca-cert)]),
185 ok(verify("ee-cert", "sslserver", [qw(root-cert sca-clientAuth)], [qw(ca-cert)]),
187 ok(verify("ee-cert", "sslserver", [qw(root-cert cca+serverAuth)], [qw(ca-cert)]),
189 ok(verify("ee-cert", "sslserver", [qw(root-cert cca+anyEKU)], [qw(ca-cert)]),
191 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-cert)], [qw(ca-cert)]),
193 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-anyEKU)], [qw(ca-cert)]),
195 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-serverAuth)], [qw(ca-cert)]),
197 ok(!verify("ee-cert", "sslserver", [qw(root-cert ca+clientAuth)], [qw(ca-cert)]),
199 ok(!verify("ee-cert", "sslserver", [qw(root-cert sca+clientAuth)], [qw(ca-cert)]),
201 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca+clientAuth)], [qw(ca-cert)]),
203 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-serverAuth)], [qw(ca-cert)]),
205 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-clientAuth)], [qw(ca-cert)]),
207 ok(!verify("ee-cert", "sslserver", [qw(root-cert sca-serverAuth)], [qw(ca-cert)]),
209 ok(!verify("ee-cert", "sslserver", [qw(root-cert sca-anyEKU)], [qw(ca-cert)]),
211 ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-anyEKU)], [qw(ca-cert)]),
215 ok(verify("ee-client", "sslclient", [qw(root-cert)], [qw(ca-cert)]),
217 ok(!verify("ee-client", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
219 ok(!verify("ee-cert", "sslclient", [qw(root-cert)], [qw(ca-cert)]),
221 ok(!verify("ee-cert2", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
223 ok(!verify("ee-name2", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
225 ok(!verify("ee-expired", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
227 ok(verify("ee-cert", "sslserver", [qw(ee-cert)], [], "-partial_chain"),
229 ok(verify("ee-client", "sslclient", [qw(ee-client)], [], "-partial_chain"),
231 ok(!verify("ee-cert", "sslserver", [qw(ee-client)], [], "-partial_chain"),
233 ok(verify("ee-cert", "sslserver", [qw(ee+serverAuth)], [], "-partial_chain"),
235 ok(!verify("ee-cert", "sslserver", [qw(ee-serverAuth)], [], "-partial_chain"),
237 ok(verify("ee-client", "sslclient", [qw(ee+clientAuth)], [], "-partial_chain"),
239 ok(!verify("ee-client", "sslclient", [qw(ee-clientAuth)], [], "-partial_chain"),
241 ok(verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
243 ok(!verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)], "-x509_strict"),
247 ok(verify("ee-timestampsign-CABforum", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
249 ok(!verify("ee-timestampsign-CABforum-noncritxku", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
251 ok(!verify("ee-timestampsign-CABforum-serverauth", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
253 ok(!verify("ee-timestampsign-CABforum-anyextkeyusage", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
255 ok(!verify("ee-timestampsign-CABforum-crlsign", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
257 ok(!verify("ee-timestampsign-CABforum-keycertsign", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
259 ok(verify("ee-timestampsign-rfc3161", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
261 ok(!verify("ee-timestampsign-rfc3161-noncritxku", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
263 ok(verify("ee-timestampsign-rfc3161-digsig", "timestampsign", [qw(root-cert)], [qw(ca-cert)]),
267 ok(verify("ee-codesign", "codesign", [qw(root-cert)], [qw(ca-cert)]),
269 ok(!verify("ee-codesign-serverauth", "codesign", [qw(root-cert)], [qw(ca-cert)]),
271 ok(!verify("ee-codesign-anyextkeyusage", "codesign", [qw(root-cert)], [qw(ca-cert)]),
273 ok(!verify("ee-codesign-crlsign", "codesign", [qw(root-cert)], [qw(ca-cert)]),
275 ok(!verify("ee-codesign-keycertsign", "codesign", [qw(root-cert)], [qw(ca-cert)]),
277 ok(!verify("ee-codesign-noncritical", "codesign", [qw(root-cert)], [qw(ca-cert)]),
279 ok(!verify("ee-cert", "codesign", [qw(root-cert)], [qw(ca-cert)]),
281 ok(!verify("ee-client", "codesign", [qw(root-cert)], [qw(ca-cert)]),
283 ok(!verify("ee-timestampsign-CABforum", "codesign", [qw(root-cert)], [qw(ca-cert)]),
285 ok(!verify("ee-timestampsign-rfc3161", "codesign", [qw(root-cert)], [qw(ca-cert)]),
289 ok(!verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)]),
291 ok(verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)],
294 ok(verify("pc2-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
297 ok(!verify("bad-pc3-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
300 ok(!verify("bad-pc4-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
303 ok(verify("pc5-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
306 ok(!verify("pc6-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)],
311 ok(verify("ee-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
313 ok(!verify("ee-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "3"),
315 ok(verify("ee-cert", "", ["root-cert-768"], ["ca-cert-768i"], "-auth_level", "0"),
317 ok(!verify("ee-cert", "", ["root-cert-768"], ["ca-cert-768i"]),
319 ok(verify("ee-cert-768i", "", ["root-cert"], ["ca-cert-768"], "-auth_level", "0"),
321 ok(!verify("ee-cert-768i", "", ["root-cert"], ["ca-cert-768"]),
323 ok(verify("ee-cert-768", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"),
325 ok(!verify("ee-cert-768", "", ["root-cert"], ["ca-cert"]),
328 ok(verify("ee-cert", "", ["root-cert-md5"], ["ca-cert"], "-auth_level", "2"),
330 ok(verify("ee-cert", "", ["ca-cert-md5-any"], [], "-auth_level", "2"),
332 ok(verify("ee-cert", "", ["root-cert"], ["ca-cert-md5"], "-auth_level", "0"),
334 ok(!verify("ee-cert", "", ["root-cert"], ["ca-cert-md5"]),
336 ok(verify("ee-cert-md5", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"),
338 ok(!verify("ee-cert-md5", "", ["root-cert"], ["ca-cert"]),
345 ok(!verify("ee-cert-ec-explicit", "", ["root-cert"],
348 ok(!verify("ee-cert-ec-named-explicit", "", ["root-cert"],
351 ok(verify("ee-cert-ec-named-named", "", ["root-cert"],
354 ok(verify("ee-cert-ec-sha3-224", "", ["root-cert"], ["ca-cert-ec-named"], ),
356 ok(verify("ee-cert-ec-sha3-256", "", ["root-cert"], ["ca-cert-ec-named"], ),
358 ok(verify("ee-cert-ec-sha3-384", "", ["root-cert"], ["ca-cert-ec-named"], ),
360 ok(verify("ee-cert-ec-sha3-512", "", ["root-cert"], ["ca-cert-ec-named"], ),
375 ok(verify("ee-cert-ec-sha3-224", "", ["root-cert"], ["ca-cert-ec-named"], @prov),
377 ok(verify("ee-cert-ec-sha3-256", "", ["root-cert"], ["ca-cert-ec-named"], @prov),
379 ok(verify("ee-cert-ec-sha3-384", "", ["root-cert"], ["ca-cert-ec-named"], @prov),
381 ok(verify("ee-cert-ec-sha3-512", "", ["root-cert"], ["ca-cert-ec-named"], @prov),
393 ok(!verify("ee-cert-ec-explicit", "", ["root-cert"],
396 ok(!verify("ee-cert-ec-named-explicit", "", ["root-cert"],
399 ok(verify("ee-cert-ec-named-named", "", ["root-cert"],
409 ok(verify("ee-cert", "", ["root-cert"], ["ca-cert"], "-verify_depth", "2"),
411 ok(verify("ee-cert", "", ["root-cert"], ["ca-cert"], "-verify_depth", "1"),
413 ok(!verify("ee-cert", "", ["root-cert"], ["ca-cert"], "-verify_depth", "0"),
415 ok(verify("ee-cert", "", ["ca-cert-md5-any"], [], "-verify_depth", "0"),
420 ok(verify("alt1-cert", "", ["root-cert"], ["ncca1-cert"], ),
423 ok(verify("alt2-cert", "", ["root-cert"], ["ncca2-cert"], ),
426 ok(verify("alt3-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
429 ok(verify("goodcn1-cert", "", ["root-cert"], ["ncca1-cert"], ),
432 ok(verify("goodcn2-cert", "", ["root-cert"], ["ncca1-cert"], ),
435 ok(!verify("badcn1-cert", "", ["root-cert"], ["ncca1-cert"], ),
438 ok(!verify("badalt1-cert", "", ["root-cert"], ["ncca1-cert"], ),
441 ok(!verify("badalt2-cert", "", ["root-cert"], ["ncca2-cert"], ),
444 ok(!verify("badalt3-cert", "", ["root-cert"], ["ncca1-cert"], ),
447 ok(!verify("badalt4-cert", "", ["root-cert"], ["ncca1-cert"], ),
450 ok(!verify("badalt5-cert", "", ["root-cert"], ["ncca1-cert"], ),
453 ok(!verify("badalt6-cert", "", ["root-cert"], ["ncca1-cert"], ),
456 ok(!verify("badalt7-cert", "", ["root-cert"], ["ncca1-cert"], ),
459 ok(!verify("badalt8-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
462 ok(!verify("badalt9-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
465 ok(!verify("badalt10-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
468 ok(!verify("bad-othername-cert", "", ["root-cert"], ["nccaothername-cert"], ),
471 ok(verify("nc-uri-cert", "", ["root-cert"], ["ncca4-cert"], ),
477 ok(verify("bad-othername-namec", "", ["bad-othername-namec-inter"], [],
482 ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"),
485 ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
488 ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
491 ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
494 ok(verify("ee-pss-cert", "", ["root-cert"], ["ca-pss-cert"], ),
496 ok(!verify("ee-pss-wrong1.5-cert", "", ["root-cert"], ["ca-pss-cert"], ),
499 ok(!verify("many-names1", "", ["many-constraints"], ["many-constraints"], ),
501 ok(!verify("many-names2", "", ["many-constraints"], ["many-constraints"], ),
503 ok(!verify("many-names3", "", ["many-constraints"], ["many-constraints"], ),
506 ok(verify("some-names1", "", ["many-constraints"], ["many-constraints"], ),
508 ok(verify("some-names2", "", ["many-constraints"], ["many-constraints"], ),
510 ok(verify("some-names2", "", ["many-constraints"], ["many-constraints"], ),
512 ok(verify("root-cert-rsa2", "", ["root-cert-rsa2"], [], "-check_ss_sig"),
515 ok(verify("ee-self-signed", "", ["ee-self-signed"], [], "-attime", "1593565200"),
517 ok(verify("ee-ss-with-keyCertSign", "", ["ee-ss-with-keyCertSign"], []),
525 ok(verify("ee-ed25519", "", ["root-ed25519"], []),
528 ok(!verify("ee-ed25519", "", ["root-ed25519"], [], "-x509_strict"),
531 ok(!verify("root-ed25519", "", ["ee-ed25519"], []),
534 ok(verify("root-ed25519", "", ["root-ed25519"], []),
537 ok(!verify("ee-ed25519", "", ["ee-ed25519"], []),
540 ok(verify("ee-ed25519", "", ["ee-ed25519"], [], "-partial_chain"),
548 ok_nofips(verify("sm2", "", ["sm2-ca-cert"], [], "-vfyopt", "distid:1234567812345678"),
550 ok_nofips(verify("sm2", "", ["sm2-ca-cert"], [], "-vfyopt", "hexdistid:31323334353637383132333435363738"),
568 ok(run(app([ qw(openssl verify -trusted), $certplusrsa_file, $cert_file ])),
582 ok(run(app([ qw(openssl verify -trusted), $rsapluscert_file, $cert_file ])),
587 ok(verify("ee-cert-policies", "", ["root-cert"], ["ca-pol-cert"],
592 ok(!verify("ee-cert-policies-bad", "", ["root-cert"], ["ca-pol-cert"],
600 sub vfy_root { verify($rootcertname, "", [], [], @_) }
Indexes created Wed Apr 08 00:23:23 UTC 2026